Johan Berggren

Sounds good! Some prior work on this: The basic login analyzer https://github.com/google/timesketch/blob/master/timesketch/lib/analyzers/login.py A graph for win logins https://github.com/google/timesketch/blob/master/timesketch/lib/graphs/win_logins.py

Good catch! I'll take a look at the calendar widget we use here.

Ok, I found the issue. We are converting back the input from the widget to UTC, which in this case is confusing. I have a PR ready with a fix.

Good catch! We need to take the type information per attribute into account when creating the filters. I'll look into that as soon as time permits.

Good point - easy to fix. I'll get it done in the next UI sprint :)

This is a great idea and should be pretty simple to implement (just run the query with count and no result). We might want to consider caching the result on...

@itsmvd is this something that you would like to take on? :)

Did you run the login analyzer on the dataset first? This is not intuitive, and we are working on clarifying this but we need the annotation that the analyzer brings....

This would be a UI feature. Changing title to reflect this.

Good catch! We should consider making this default, and definitely add the option to choose. We will add this to our work log.